Cyber criminals return for seconds after ransomware payments

  • Over a third (36%) of companies who paid a ransom were subsequently targeted by cyber criminals for a second time
  • More than four in 10 (41%) companies who paid a ransom failed to recover all their data
  • More than a quarter (26%) felt a ransomware attack materially threatened the solvency and viability of their company
  • Phishing emails are still the most common point of infiltration for ransomware gangs

London, UK (8th November 2022) – Over a third (36%) of companies who paid a ransom to cyber criminals went on to be targeted for a second time, according to the latest Cyber Readiness Report released by specialist insurer Hiscox. In addition, more than four in 10 (41%) of those that paid ransom demands to cyber criminals failed to recover all their data. 

The Hiscox Cyber Readiness Report, which is based on the views of over 5,000 organisations of all sizes across eight countries*, found the industries that were forced to pay a ransom were those with ‘just-in-time’ supply chains: food and drink (62%), manufacturing (51%) and leisure (50%). 

However, paying a ransom does not always work out the way businesses hope it will. Of those businesses that did pay, 43% still had to rebuild their systems, even though they received a recovery key from the hackers. Alarmingly, nearly a third (29%) who paid a ransom demand still had data leaked, and over a quarter (26%) felt that the attack had a significant financial impact by threatening the solvency and viability of their business.

The report also shows that the frequency of cyber attacks has increased by 12% year-on-year – with 48% of businesses suffering an attack in the past 12 months. Of those attacked, 19% were victims of ransomware, compared to 16% in the previous year. The Hiscox report also reveals that phishing remains the number one point of entry for cyber hackers (62%) to successfully infiltrate businesses in a ransomware attack. This was closely followed by entry using credential theft (44%), a third-party supplier (40%), an unpatched server (28%), and brute force credentials, such as password guessing (17%).

Gareth Wharton, Hiscox Cyber CEO, commented: “Ransomware is still the most prevalent and damaging form of cyber attack and it is not uncommon for a company to be hit multiple times. Even if a business owner makes the decision to pay the ransom, often they cannot  fully restore their systems or prevent a data breach. That is why it is vital that businesses take the necessary steps to protect their data and systems against a cyber attack; making it harder for cyber criminals to gain entry to their systems by keeping software up-to-date, running regular in-house training, and frequently backing-up data.

“Our report shows that investing in building robust cyber defences and preparing an effective response for an attack are more effective than paying cyber criminals. It is revealing that more than a quarter (26%) of businesses we surveyed paid a ransom in the hope of recovering their data because they did not have any back-ups, when regular and robust back-up processes can be one of the most effective ways of mitigating the impact of a ransomware attack.”


Notes to editors

Cyber Readiness Report 2022

For further information please contact:

Carmel McCarthy

T: +44 (0)7769 280903 

E: [email protected]

*The Hiscox Cyber Readiness Report surveyed a representative sample of organisations in the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland.

Hiscox commissioned Forrester Consulting to gather information about businesses cyber activities and readiness. In total 5,181 professionals responsible for their company's cyber security strategy were surveyed (over 900 each from the USA, UK, France and Germany; more than 400 each from Belgium, Spain and The Netherlands; and more than 200 from the Republic of Ireland). Respondents completed the online survey between 30 November 2021 and 21 January 2022.

About The Hiscox Group

Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected specialist insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle.

The Hiscox Group employs over 3,000 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the USA, we offer a range of specialist insurance products in commercial and personal lines. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re & ILS.

Our values define our business, with a focus on people, courage, ownership and integrity. We pride ourselves on being true to our word and our award-winning claims service is testament to that. For more information, visit

All press releases